fenetre CiD internet exploreur intempestive
Forum Sécurité - Virus : fenetre CiD internet exploreur intempestive
salut, j'ai un probleme , dés que je navigue sur le web, des fenetres internet exploreur s'ouvre
toute seul avec ecrit en haut "CiD: casino(ou autre)"
si quelqu un peut m aider...
Bonjour,
Télécharge Hijackthis (de Merjin).
Dézippe-le dans un dossier ou sur ton Bureau.
Lance l'application.
Choisis l'option "Do a system scan and save a logfile"
Le Bloc-Notes s'ouvre :
-> Edition / Sélectionner Tout
-> Edition / Copier
Colle le rapport ici.
AIDE : Tuto en vidéo sur Hijackthis
&
Télécharge LopResearch.zip
Dézippe-le sur ton Bureau.
Lance le fichier Scan.bat
Un rapport sera généré, poste son contenu ici.
Répondre à Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 14:28:11, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Norman\bin\ZLH.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\Documents and Settings\kevin\Bureau\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.f [...] r_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/im [...] loader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 9095264125
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.alloticket.com/MicroPai [...] nstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacar [...] player.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr [...] loader.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/din [...] 0.0.58.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2/ins [...] loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{628BDF4B-AC23-45CB-899B-08C80E512DF6}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bw+0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Rapport fait à 14:29:59,67 le 17/03/2007
Le volume dans le lecteur C s'appelle disque dur
Le num‚ro de s‚rie du volume est F8A2-C457
R‚pertoire de C:\Documents and Settings\All Users\Application Data
08/03/2007 20:19 <REP> Yahoo! Companion
25/02/2007 17:48 <REP> TEMP
20/02/2007 23:22 <REP> MAGSBOOKDELETERULE
26/01/2007 20:47 <REP> Adobe
24/12/2006 15:23 <REP> Pinnacle Studio
24/12/2006 15:18 <REP> Pinnacle
22/09/2006 14:44 <REP> Google
16/09/2006 15:04 <REP> CyberLink
15/09/2006 10:52 <REP> Oberongames
10/09/2006 13:53 <REP> nView_Profiles
20/05/2006 12:39 <REP> Windows Genuine Advantage
19/05/2006 20:50 <REP> Zylom
21/03/2006 19:44 <REP> pixelStorm
14/10/2005 11:45 <REP> Trymedia
26/01/2005 19:43 <REP> QuickTime
26/01/2005 19:40 <REP> Kodak
02/11/2004 00:14 <REP> Macrovision
01/01/2000 12:25 <REP> SBSI
01/01/2000 12:14 62 desktop.ini
01/01/2000 12:13 <REP> Microsoft
01/01/2000 12:13 <REP> ..
01/01/2000 12:13 <REP> .
1 fichier(s) 62 octets
21 R‚p(s) 36425330688 octets libres
Le volume dans le lecteur C s'appelle disque dur
Le num‚ro de s‚rie du volume est F8A2-C457
R‚pertoire de C:\Documents and Settings\kevin\Application Data
08/03/2007 22:09 <REP> Talkback
08/03/2007 22:09 <REP> Mozilla
01/03/2007 18:17 <REP> Audacity
27/02/2007 20:05 <REP> CCleanup
20/02/2007 23:21 <REP> DrvDelete
11/02/2007 17:00 <REP> DivX
31/01/2007 22:27 <REP> vlc
13/01/2007 17:02 <REP> InstallShield
26/10/2006 22:29 <REP> ArcSoft
26/09/2006 10:47 <REP> Magic Match
16/09/2006 13:07 <REP> CyberLink
29/05/2006 09:02 <REP> Real
17/05/2006 11:11 <REP> FotoWire
25/04/2006 11:20 <REP> EA
06/04/2006 21:15 <REP> Norman
26/12/2005 21:58 <REP> Google
03/10/2005 14:19 <REP> Smart Panel
03/10/2005 14:19 <REP> EPSON
23/08/2005 13:25 <REP> eConf
31/07/2005 23:34 <REP> WholeSecurity
17/11/2004 22:06 <REP> Macromedia
11/09/2004 23:57 <REP> Microsoft Games
31/01/2004 19:06 <REP> InterVideo
31/01/2004 19:06 <REP> AdobeUM
31/01/2004 19:01 <REP> Template
31/01/2004 16:22 <REP> Help
31/01/2004 15:44 <REP> Adobe
31/01/2004 14:45 62 desktop.ini
31/01/2004 14:45 <REP> Identities
31/01/2004 14:45 <REP> ..
31/01/2004 14:45 <REP> .
31/01/2004 14:45 <REP> Microsoft
1 fichier(s) 62 octets
31 R‚p(s) 36425330688 octets libres
Le volume dans le lecteur C s'appelle disque dur
Le num‚ro de s‚rie du volume est F8A2-C457
R‚pertoire de C:\Documents and Settings\no‰llie\Application Data
14/06/2005 23:28 <REP> WholeSecurity
29/05/2005 19:04 <REP> MSN6
20/04/2005 22:37 <REP> Smart Panel
20/04/2005 22:37 <REP> EPSON
26/12/2004 17:02 <REP> Real
27/10/2004 18:33 <REP> ABBYY
26/10/2004 20:27 <REP> Microsoft Games
16/10/2004 10:55 <REP> Help
16/10/2004 09:11 <REP> Macromedia
30/01/2004 17:45 <REP> Template
25/01/2004 18:56 <REP> NeroVision
25/01/2004 18:47 <REP> AdobeUM
25/01/2004 18:19 <REP> Adobe
25/01/2004 18:13 <REP> InterVideo
25/01/2004 18:10 <REP> Ahead
25/01/2004 17:52 62 desktop.ini
25/01/2004 17:52 <REP> Identities
25/01/2004 17:52 <REP> ..
25/01/2004 17:52 <REP> .
25/01/2004 17:52 <REP> Microsoft
1 fichier(s) 62 octets
19 R‚p(s) 36425310208 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C s'appelle disque dur
Le num‚ro de s‚rie du volume est F8A2-C457
R‚pertoire de C:\WINDOWS\Tasks
07/03/2007 12:18 330 MP Scheduled Scan.job
22/02/2007 22:15 266 BA1F15AA93B0BCBE.job
05/11/2003 03:20 65 desktop.ini
01/01/2000 12:20 6 SA.DAT
01/01/2000 12:18 <REP> ..
01/01/2000 12:18 <REP> .
4 fichier(s) 667 octets
2 R‚p(s) 36ÿ425ÿ310ÿ208 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
Re,
Avant de supprimer Lop :
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Répondre à Angeldark
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 17/03/2007 a 14:38:41,37
*** Recherche de fichiers sur C:
C:\unwise.exe FOUND
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\winsys.exe FOUND
C:\WINDOWS\impborl.dll FOUND
*** Fin du rapport !
Re,
Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
Double-clique sur OTMoveIt.exe afin de le lancer.
Sélectionne TOUS les emplacements ci-dessous :
C:\Documents and Settings\All Users\Application Data\MAGSBOOKDELETERULE
C:\Documents and Settings\kevin\Application Data\DrvDelete
C:\WINDOWS\Tasks\BA1F15AA93B0BCBE.job
C:\unwise.exe
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\impborl.dll
---> Clique-droit puis Copier
Retourne sur OTMoveIt, fais un Clique-droit sur le cadre de gauche puis choisis Coller.
Clique maintenant sur MoveIt!
!! Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES
Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport est la date de sa création.
Message édité par Angeldark le 17-03-2007 à 15:00:12
Répondre à Angeldark
File/Folder not found.
C:\Documents and Settings\All Users\Application Data\MAGSBOOKDELETERULE moved successfully.
C:\Documents and Settings\kevin\Application Data\DrvDelete moved successfully.
C:\WINDOWS\Tasks\BA1F15AA93B0BCBE.job moved successfully.
File/Folder C:\unwise.exe FOUND not found.
C:\WINDOWS\system32\winsys.exe moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\impborl.dll
C:\WINDOWS\impborl.dll NOT unregistered.
C:\WINDOWS\impborl.dll moved successfully.
Created on 03/17/2007 14:49:21
Reposte un rapport Hijackthis.
Répondre à Angeldark
Logfile of HijackThis v1.99.1
Scan saved at 14:57:09, on 17/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Norman\bin\ZANDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Norman\bin\NJEEVES.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\Norman\bin\ZLH.EXE
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Wanadoo\EspaceWanadoo.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TribalWeb.net\tribalweb.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Documents and Settings\kevin\Bureau\hijack\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Norman\NORMAN~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.f [...] r_cert.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/im [...] loader.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn. [...] nPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micros [...] 9095264125
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537 [...] scan53.cab
O16 - DPF: {7DBFDA8E-D33B-11D4-9269-00600868E56E} - http://www.alloticket.com/MicroPai [...] nstall.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.servicesalacar [...] player.cab
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} (Lycos File Upload Component) - http://f009.mail.caramail.lycos.fr [...] loader.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://jeux.wanadoo.fr/online2/din [...] 0.0.58.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://jeux.wanadoo.fr/online2/ins [...] loader.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{628BDF4B-AC23-45CB-899B-08C80E512DF6}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: bw+0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {5F3D9277-270D-4A83-A5BB-C792DBBD2F3E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Re,
Tu peux supprimer ce fichier ?
C:\unwise.exe
Répondre à Angeldark
oui,il est suprimé
Re,
Télécharge Clean.zip (de Malekal),
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.
Répondre à Angeldark
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 17/03/2007 a 16:30:30,95
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Fin du rapport !
le probleme semble etre resolu
On vérifie.
- Fais un scan en ligne Kaspersky avec Internet Explorer :
- Clique sur
- Clique maintenant sur J'accepte.
- Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail
- Sauvegarde puis colle le rapport généré en fin d'analyse.
AIDE : Configurer le contrôle des ActiveX
NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Répondre à Angeldark
KASPERSKY ON-LINE SCANNER REPORT
Saturday, March 17, 2007 7:04:31 PM
Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.83.0
Dernière mise à jour de la base antivirus Kaspersky : 17/03/2007
Enregistrements dans la base antivirus Kaspersky : 282636
Paramètres d'analyse
Analyser avec la base antivirus suivante étendue
Analyser les archives vrai
Analyser les bases de messagerie vrai
Cible de l'analyse Poste de travail
A:\
C:\
D:\
E:\
F:\
G:\
Z:\
Statistiques de l'analyse
Total d'objets analysés 90446
Nombre de virus trouvés 1
Nombre d'objets infectés 5 / 0
Nombre d'objets suspects 0
Durée de l'analyse 01:48:34
Nom de l'objet infecté Nom du virus Dernière action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-02252007-234533.log L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt L'objet est verrouillé ignoré
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Bureau\clean.zip/clean/pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré
C:\Documents and Settings\kevin\Bureau\clean.zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\kevin\Bureau\hijack\clean\pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré
C:\Documents and Settings\kevin\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Historique\History.IE5\MSHist012007031720070318\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\XRWNFG0N\clean[1].zip/clean/pskill.exe Infecté : not-a-virus:RiskTool.Win32.PsKill.k ignoré
C:\Documents and Settings\kevin\Local Settings\Temporary Internet Files\Content.IE5\XRWNFG0N\clean[1].zip ZIP: infecté - 1 ignoré
C:\Documents and Settings\kevin\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\kevin\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat L'objet est verrouillé ignoré
C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 01 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 01 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 02 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 02 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 03 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 03 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 04 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 04 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 05 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 05 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 06 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 06 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 07 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 07 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 09 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 09 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 10 (VOST FR by LauCass).avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate Housewives - Saison 3 - Episode 10 (VOST FR by LauCass).avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.315.notv.VF_PC.avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.315.notv.VF_PC.avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E08.VOST.French.by.CaSaDiVX.avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E08.VOST.French.by.CaSaDiVX.avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E11.VOST.French.by.CaSaDiVX.avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E11.VOST.French.by.CaSaDiVX.avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E12.VOST.French.by.CaSaDiVX.avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E12.VOST.French.by.CaSaDiVX.avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E13.VOST.French.by.CaSaDiVX.avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate.Housewives.S03E13.VOST.French.by.CaSaDiVX.avi.downloading.state L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate[1].Housewives.s03e14.HDTV.XviD-NoTV.VF_PC.avi.downloading L'objet est verrouillé ignoré
C:\Documents and Settings\noëllie\Mes documents\kevin.libereau\Mes réceptions TribalWeb.net\noellie_et_kevin\desperate housewives saison 3\Desperate[1].Housewives.s03e14.HDTV.XviD-NoTV.VF_PC.avi.downloading.state L'objet est verrouillé ignoré
C:\Program Files\EPSON\EPSON PhotoQuicker3.5\Config\User\noëllie.pq3 L'objet est verrouillé ignoré
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.me L'objet est verrouillé ignoré
C:\Program Files\Kodak\Kodak EasyShare software\Catalog\EasyShare.mm L'objet est verrouillé ignoré
C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\es.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll L'objet est verrouillé ignoré
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll L'objet est verrouillé ignoré
C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\edb.log L'objet est verrouillé ignoré
C:\WINDOWS\system32\CatRoot2\tmp.edb L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\dtscsi.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\drivers\sptd6029.sys L'objet est verrouillé ignoré
C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré
Z:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
Analyse terminée.
Il faudrait se calmer sur le P2P.
D'autres problèmes ?
Répondre à Angeldark
pas pour le moment,merci pour le coup de main(ou de souris),autrement je voudrais savoir si enregistrer la radio est illégal? car on peut le faire avec winamp+streamripper, plus besoin deP2P pour la zic.
Je ne pense pas.
Répondre à Angeldark
Messages supprimés.
Crée ton propre sujet !
Répondre à Angeldark
Salut, j'ai un probleme de fenetre intemptestives CID (MAC+bootcamp+windoms), pouvez vous m'aider, j'ai le rapport hijack mais je ne sais pas quoi en faire...
merci
Logfile of HijackThis v1.99.1
Scan saved at 14:29:02, on 24/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Brightness.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apple Keyboard Support\KbdMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\lclock.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\pc\Bureau\hijackthis\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.fr/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.winlsd.org/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: IE 4.x-6.x BHO for Internet Download Accelerator - {2A646672-9C3A-4C28-9A7A-1FB0F63F28B6} - C:\PROGRA~1\IDA\idaiehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AppleTime] C:\WINDOWS\system32\AppleTime.exe
O4 - HKLM\..\Run: [Brightness] C:\WINDOWS\system32\Brightness.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Apple_KbdMgr] "C:\Program Files\Apple Keyboard Support\KbdMgr.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tonslessshimmode] C:\Documents and Settings\All Users\Application Data\fordantetonsless\storebyte.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [TeamDoes] C:\DOCUME~1\pc\APPLIC~1\SECOND~1\Gpl Web Save.exe
O8 - Extra context menu item: Download ALL with IDA - C:\Program Files\IDA\idaieall.htm
O8 - Extra context menu item: Download with IDA - C:\Program Files\IDA\idaie.htm
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O9 - Extra 'Tools' menuitem: &Internet Download Accelerator - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - C:\Program Files\IDA\ida.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE4849C4-DC6B-41E8-8DF7-3A5757B3AA78}: NameServer = 192.168.1.1
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
Rapport fait à 14:44:17,62 le 24/03/2007
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 74C8-33DC
R‚pertoire de C:\Documents and Settings\Default User\Application Data
26/02/2007 15:07 62 desktop.ini
26/02/2007 15:07 <REP> Microsoft
26/02/2007 15:07 <REP> ..
26/02/2007 15:07 <REP> .
1 fichier(s) 62 octets
3 R‚p(s) 14752956416 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 74C8-33DC
R‚pertoire de C:\Documents and Settings\All Users\Application Data
11/03/2007 16:50 <REP> Windows Genuine Advantage
06/03/2007 14:35 <REP> Spybot - Search & Destroy
05/03/2007 18:09 <REP> fordantetonsless
02/03/2007 11:51 <REP> CanonBJ
02/03/2007 11:50 <REP> SSScanWizard
02/03/2007 11:50 <REP> SSScanAppDataDir
26/02/2007 17:17 <REP> Adobe
26/02/2007 17:16 <REP> QuickTime
26/02/2007 15:07 62 desktop.ini
26/02/2007 15:07 <REP> ..
26/02/2007 15:07 <REP> .
26/02/2007 15:07 <REP> Microsoft
1 fichier(s) 62 octets
11 R‚p(s) 14752956416 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 74C8-33DC
R‚pertoire de C:\Documents and Settings\pc\Application Data
06/03/2007 14:34 <REP> Lavasoft
05/03/2007 18:09 <REP> SECONDLESSDENT
05/03/2007 18:08 <REP> BitDownload
02/03/2007 11:50 <REP> ScanSoft
28/02/2007 17:59 <REP> Internet Download Accelerator
28/02/2007 14:22 <REP> Macromedia
28/02/2007 13:55 <REP> Mozilla
26/02/2007 17:25 <REP> Graphisoft
26/02/2007 17:14 <REP> Sun
26/02/2007 15:43 <REP> Help
26/02/2007 15:34 <REP> Identities
26/02/2007 15:34 62 desktop.ini
26/02/2007 15:34 <REP> ..
26/02/2007 15:34 <REP> .
26/02/2007 15:34 <REP> Microsoft
1 fichier(s) 62 octets
14 R‚p(s) 14752956416 octets libres
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le num‚ro de s‚rie du volume est 74C8-33DC
R‚pertoire de C:\WINDOWS\Tasks
26/02/2007 15:29 6 SA.DAT
26/02/2007 15:13 65 desktop.ini
26/02/2007 15:13 <REP> ..
26/02/2007 15:13 <REP> .
2 fichier(s) 71 octets
2 R‚p(s) 14ÿ752ÿ956ÿ416 octets libres
******************************************
Recherche dans Program files
Le dossier C:\Program Files\C2Media n'existe pas
*************** Fin du rapport ****************
Il y a 2507 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
